More Satellites Than You Can Shake a Stick At

This video is really amazingly inspiring:

Not only does it show more satellites than I’ve ever seen in a single frame of video, but the rocket that took them up was launched by the Indian Space Research Organisation, who managed to launch not only the largest satellite constellation ever, but had room for a few more birds in the launch. It’s an impressive achievement, and it (visually) crystalizes a shift in how we approach space. Also, congratulations to the team at Planet, the ability to image all of Earth’s landmass every day.

Launching a micro satellite into low Earth orbit is now accessible to hobbyists. Many readers of this blog could do it. That’s astounding. Stop and think about that for a moment. Our failure to have exciting follow-on missions after Apollo can obscure the fascinating things which are happening in space, as it gets cheap and almost boring to get to low Earth orbit. The Economist has a good summary. That’s not to say that there aren’t things happening further out. This is the year that contestants in the Google Lunar XPrize competition must launch. Two tourists have paid a deposit to fly around the moon.

But what’s happening close to the planet is where the economic changes will be most visible soon. That’s not to say it’s the only thing to watch, but the same engines will enable more complex and daring missions.

For more on what’s happening in India around space exploration and commercialization, this is a fascinating interview with Susmita Mohanty.

Video link: ISRO PSLV-C37 onboard camera view of 104 satellites deployment

On Immigration and Refugees

NewImage Sergey Brin and baby
The ban on refugees is illegal, immoral and un-American, and as an American, I want to add my voice.

The ban is illegal. (“Trump’s Immigration Ban Is Illegal.”) I suspect that the United States also has legal obligations under treaties to accept refugees, but Google isn’t my lawyer, and I am no expert.

The ban is immoral. Those who have gone through our immigration process and gotten green cards are being restricted from returning to the US. Those people have followed the legal path to immigration and built lives here. We made a deal with them and we’re breaking it, suddenly and without warning. Those people might have jobs, school, or family to return to, and their lives are upended and uncertain. These are not illegal aliens, they are people who have gone through a complex, and sometimes kafka-esque immigration process.

I have worked with engineers from Syria. (I’m not going to name them in today’s climate.) They did good work, and were good people. They were dealing with the horror of hearing family back home was missing, and they did good work anyway.

The President is hurting America with this ban. By telling those here legally that their status can be upended at a whim, he makes a strong argument against coming here by following the rules as they exist on a given day. Some people will continue to come here in violation of the law; others will go elsewhere, and another country will get both the risk and the reward from that set of refugees.

It’s worth noting that the protests and court orders yesterday, while welcome, “Despite growing dissent, Trump gives no sign of backing down from travel ban.” I guess we need to keep calling this what it is: un-American.

Pictured is John von Neumann, refugee, and inventor of the von Neumann architecture that’s at the heart of the computer on which you’re reading this, and Sergey Brin, co-founder of Google, on his way to protest in San Francisco.

[Update: The hawks at Lawfare blog have an analysis, Malevolence Tempered by Incompetence:.]

Kyber Crystal and the Death Star

Death star construction

This post has spoilers for Rogue One, and also Return of the Jedi.

We learn in Rogue One that the Death Star’s main gun is powered by Kyber crystal. We know from various sources that it’s rare.

Then the Death Star is tested, destroying Jedah, where they’re mining the crystals. Note that both times its fired, they give the order “single reactor ignition.” Are they testing the reactors and power systems, or conserving kyber crystal?

Really, how much “ammo” did the original Death Star have on board? How many times could they fire the main gun?

Was ten or fifteen shots considered sufficient, because after a demonstration, fear will keep the local systems in line? Where did they find enought kyber crystal for the second Death Star?

The Dope Cycle and the Two Minutes Hate

[Updated with extra links at the bottom.]

There’s a cycle that happens as you engage on the internet. You post something, and wait, hoping, for the likes, the favorites, the shares, the kind comments to come in. You hit reload incessantly even though the site doesn’t need it, hoping to get that hit that jolt even a little sooner. That dopamine release.

A Vicious cycle of pain, cravings, more drugs, and guilt

Site designers refer to this by benign names, like engagement or gamification and it doesn’t just happen on “social media” sites like Twitter or Instagram. It is fundamental to the structure of LinkedIn, of Medium, StackExchange, of Flickr. We are told how popular are the things we observe, and we are told to want that popularity. Excuse me, I mean that influence. That reach. And that brings me to the point of today’s post: seven tips to increase your social media impactfulness. Just kidding.

Not kidding: even when you know you’re being manipulated into wanting it, you want it. And you are being manipulated, make no mistake. Site designers are working to make your use of their site as pleasurable as possible, as emotionally engaging as possible. They’re caught up in a Red Queen Race, where they must engage faster and faster just to stay in place. And when you’re in such a race, it helps to steal as much as you can from millions of years of evolution. [Edit: I should add that this is not a moral judgement on the companies or the people, but rather an observation on what they must do to survive.] That’s dopamine, that’s adrenaline, that’s every hormone that’s been covered in Popular Psychology. It’s a dope cycle, and you can read that in every sense of the word dope.

This wanting is not innocent or harmless. Outrage, generating a stronger response,
wins. Sexy, generating a stronger response, wins. Cuteness, in the forms of awwws, wins. We are awash in messages crafted to generate strong emotion. More, we are awash in messages crafter to generate stronger emotion than the preceding or following message. This is not new. What is new is that the analytic tools available to its creators are so strong that the Red Queen Race is accelerating (by the way, that’s bait for outraged readers to insist I misunderstand the Red Queen Race, generating views for this post). The tools of 20th century outrage are crude and ineffective. Today’s outrage cycle over the House cancelling its cancellation of its ethics office is over, replaced by outrage over … well, it’s not year clear what will replace it, but expect it to be replaced.

When Orwell wrote of the Two Minutes Hate, he wrote:

The horrible thing about the Two Minutes Hate was not that one was obliged to act a part, but that it was impossible to avoid joining in. Within thirty seconds any pretense was always unnecessary. A hideous ecstasy of fear and vindictiveness, a desire to kill, to torture, to smash faces in with a sledge hammer, seemed to flow through the whole group of people like an electric current, turning one even against one’s will into a grimacing, screaming lunatic. And yet the rage that one felt was an abstract, undirected emotion which could be switched from one object to another like the flame of a blowlamp.

I am reminded of Hoder’s article, “The Web We Have to Save” (4.4K hearts, 165 balloons, and no easy way to see on Medium how many sites link to it). Also of related interest is Good-bye to All That Twitter and “Seattle author Lindy West leaves Twitter, calls it unusable for ‘anyone but trolls, robots and dictators’” but I don’t think Twitter, per se, is the problem. Twitter has a number of aspects which make trolling (especially around gender and race issues, but not limited to them) especially emotionally challenging. Those are likely closely tied to the anticipation of positivity in “mentions”, fulfilled by hate. But the issues are made worse by site design that successfully increases engagement.

I don’t know what to do with this observation. I have tried to reduce use of sites that use the structures of engagement: removing them from my reading in the morning, taking their apps off my phone. But I find myself typing their URLs when I’m task switching. I am reluctant to orient around addiction, as it drags with it a great deal of baggage around free will and ineffective regulation.

But removing myself from Twitter doesn’t really address the problem of the two minutes hate, nor of the red queen race of dope cycles. I’d love to hear your thoughts on what to do about them.


[Update: Related, “Hacking the Attention Economy,” by danah boyd.]

[Update (8 Feb): Hunter Walk writes “Why Many Companies Mistakingly Think Trolls & Harassment Are Good for Business,” and I’d missed Tim Wu writing on “The Attention Merchants.”]

Rogue One: The Best Star Wars Yet?

NewImageSomeone once asked me why I like Star Wars more than Star Trek. I was a bit taken aback, and he assumed that since I use it so much, I obviously prefer it. The real reason I use Star Wars is not that it’s better, but that there’s a small canon, and I don’t have to interrupt the flow of a talk to explain the scene where Darth Vader is strangling someone. But let’s face it, Star Trek was often better as science fiction. There are four or five bright lights that rank up there as some of the very best storytelling of the last few decades.


Trek at its most poignant was a transparent mirror to the world. The original series commented on Vietnam and race repeatedly in ways which let people see another way of looking at a situation. Moral nuance is easier to see when the ox being gored isn’t yours.

Rogue One is the first Star Wars with moral complexity. If you haven’t seen it, I find your lack of faith…disturbing. But when there’s a guy who cost you your limbs, your children, and threw the galaxy into civil war, throwing him in the reactor core isn’t a very complex choice. In fact, the whole “dark side” is a bit of a giveaway. In case you miss that, the Jedi were guardians of peace and justice throughout the galaxy. Are we clear yet? No? How about the Nazi uniforms? I could go on, but we’re gonna get to spoilers. My point is, the first four films were great action movies. Maybe we’ll see some moral complexity when someone finally gets around to filming the tragic fall of Anakin Skywalker, reputedly the core story of I-III. But I’m betting they’ll be action movies with talking teddy bears for the kids.

Speaking of morality, if you’re just now noticing that your political world resembles the Empire’s, or if you’re angry that the script seems to mock your party…maybe you should look at your world through that mirror and ask if you’re on the right side of morality or history. After all, that’s what makes for great science fiction. The opportunity to see the world through a new lens. And the fact is, the story was not substantially re-written. “Rogue One’s Discarded Dialog” and See 46 shots that were cut from Rogue One” show a story with a little less character, a little more army, but not a sympathetic, racially and species-diverse Empire. The movie wasn’t re-written as a commentary on 2016.

Structurally, Rogue One is a war story, not an action story. It’s not about the hero’s journey, or Luke growing up. It’s a story about the chaos that follows a civil war, and it’s messy and has characters who make choices from a set of bad options.

When Cassian shoots the fellow so he can escape at the start? Galen Erso’s decision to work on the Death Star, delay it, and insert a flaw (or two?) These are perhaps the wrong choices in bad situations. We don’t see why Saw Gerrera and the Rebel Alliance split. We see the Rebellion at its worst — unable to take action in the face of imminent destruction, and then impulsively chasing Rogue One into battle. (What Rogue One Teaches Us About the Rebel Alliance’s Military Chops is a great dissection of this.)

But we can look to Galen Erso’s decision to work on the Death Star, and have a conversation about what he should have done. Gone to a labor camp and let someone else build it with a better reactor core? What if that someone else had put more shielding over the thermal exhaust ports? (Speaking of which, don’t miss “The Death Star Architect Speaks Out,” and perhaps even my commentary, “Governance Lessons from the Death Star Architect.” I think the governance questions are even more interesting now, if the Empire were to conduct a blameless post mortem, but we know they don’t.) We can use that decision to talk, abstractly, about taking a job in the Trump Administration with less of the horrible emotional weight that that carries.

That mirror on the world is what great science fiction offers us, and that’s what makes Rouge One the best Star Wars yet.

Electoral Chaos

[Dec 15: Note that there are 4 updates to the post with additional links after writing.]

The Green Party is driving a set of recounts that might change the outcome in one or more swing states. Simultaneously, there is a growing movement to ask the Electoral College to choose a candidate other than Donald Trump to be the next President of the United States. Some surprisingly serious people are publicly making arguments for the Electoral College taking an active role, including law professors Sandy Levinson and Lawrence Lessig. Lessig’s essay at the Washington Post starts:

Conventional wisdom tells us that the electoral college requires that the person who lost the popular vote this year must nonetheless become our president. That view is an insult to our framers. It is compelled by nothing in our Constitution. It should be rejected by anyone with any understanding of our democratic traditions  — most important, the electors themselves. (“The Constitution lets the electoral college choose the winner. They should choose Clinton,” Lawrence Lessig)

Lessig’s piece links to Federalist #68, written by the newly popular Hamilton. Having the electoral college not vote for Trump, after Clinton conceded, and after the current President met with him, seems problematic at best. Trump promised to respect the results if he was elected, but yesterday tweeted claims that “millions” had voted illegally, which might lead one to expect that some had voted illegally for him, adding legitimacy to a recount or re-evaluation of results.

A Electoral College outcome other than Trump will be labeled a “stolen election,” and there have already been threats of violence by surprisingly serious people. Some of those who might engage in violence are already are engaged in disgraceful and un-American attacks on their fellow citizens based on race, creed, color, gender, or sexual orientation. They seem to treat the election as a “great disinhibition.” However, as horrifiying as those attacks are, and as many as there are, there are people who would not engage in such attacks but would call the election stolen. That would further undercut the legitimacy of the Federal government. (Chaos and legitimacy is topic that’s been occupying my thoughts for a while, but I have relatively little to say which is new.)

My take: the Electoral College exists for a reason. (See the above-linked Federalist #68). The best choice from a very bad set of possibilities is a “caretaker” government. The country is roughly evenly divided in hating either Clinton, Trump, or both. We should select a President who will not push for large changes or mess things up, and can start to address the real class issues which were exposed by the election. A middle of the road Republican and Democrat might be less unpalatable than other options.

Some relevant and interesting links:

Please keep comments civil. Additional interesting links are welcome.

[Update Dec 2: This is a thoughtful, left-wing consideration of the election, which makes the point that no single explanation is dominant. “Everything mattered: lessons from 2016’s bizarre presidential election.” Also, seven electors are now looking to strike a deal: “Teen becomes seventh ‘faithless elector’ to protest Trump as president-elect.” By the way, there’s probably an interesting story in how a 19 year old becomes a member of the Electoral College. Lastly, the Economist has an article on “Why an electoral college rebellion would be a bad idea.”]

[Update Dec 8: “Dump the electoral college? Bad idea, says Al Gore’s former campaign chairman.,” which includes the argument “it forces candidates to campaign in a variety of closely contested races, where political debate is typically robust.” Despite that, Texas Republican Elector Christopher Suprun has written “Why I Will Not Cast My Electoral Vote for Donald Trump.”]

[Update Dec 12: Videos: from one of the Hamilton Electors, Tucker Carlson vs. 2 Electors. “Electors demand intelligence briefing before Electoral College vote.”]

[Update Dec 15: “Virginia congressman calls for delay in electoral college vote,” and the open letter “Bipartisan Electors Ask James Clapper: Release Facts on Outside Interference in U.S. Election” now has over 50 signatures, and NBC is reporting that “Putin Personally Involved in U.S. Election Hack,” and that has to play into questions about legitimacy and the choice of Electors.]

Mac Command Line: Turning Apps into Commands

I moved to MacOS X because it offers both a unix command line and graphical interfaces, and I almost exclusively use the command line as I switch between tasks. If you use a terminal and aren’t familiar with the open command, I urge you to take a look.

I tend to open documents with open ~/Do[tab]… I wanted a way to open more things like this. I wanted to treat every app as if it were a command. I did this a little while back, and recently had to use a Mac without these little aliases and it was annoying! (We know that mousing was objectively faster and cognitively slower than keyboard use.

So I thought I’d share. This works great in a .tcshrc. I spent a minute translating into bash, but the escaping escaped me. Also, I suppose there might be a more elegant approach to the MS apps, but it was easier to write 5 specific aliases than to figure it out.

Anyway, here’s the code:

foreach f (/Applications/*.app /Applications/Utilities/*.app)
    set t=`basename -a $f`
	# Does not work if your app has a shell metachar in the name. Lookin' at you, superduper!
    set w=`echo $t | sed  -e 's/ //g' -e  's/.app$//'  | tr '[A-Z]' '[a-z]'`
    alias $w open -a \""$f"\"  
end

alias excel open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\ Excel.app"
alias word open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\ Word.app"
alias powerpoint open -a "/Applications/Microsoft\ Office\ 2011/Microsoft\ PowerPoint.app"
alias ppt powerpoint
alias xls excel

(Previously: Adding emacs keybindings to Word.)

Election 2016

This election has been hard to take on all sorts of levels, and I’m not going to write about the crap. Everything to be said has been said, along which much that never should have been said, and much that should disqualify those who said it from running for President. I thought about endorsing Jill Stein, the way we endorsed McCain-Palin in 2008, but even the Onion is having trouble being funny.

One thing which makes the American election system less functional is the electoral college system, which means that essentially a small number of states decide the election.

There is an effort underway to change that to a national popular vote, and there’s a group working towards that by getting states to agree amongst themselves to allocate their electoral college votes towards the winner of the national popular vote, once enough states have made that commitment to control the results of the elections. Its a pretty neat approach to patching the Constitution, and you can learn more at National Popular Vote.

Also in the spirit of nice things to see today, WROC in Rochester is streaming from the resting place of Susan B Anthony, whose tombstone has been covered with “I voted” stickers, and as I watch, people are reading the Seneca Falls Declaration.

Gavle Goat, now 56% more secure!

A burned wooden goat

“We’ll have more guards. We’re going to try to have a ‘goat guarantee’ the first weekend,” deputy council chief Helene Åkerlind, representing the local branch of the Liberal Party, told newspaper Gefle Dagblad.

“It is really important that it stays standing in its 50th year,” she added to Arbetarbladet.

Gävle Council has decided to allocate an extra 850,000 kronor ($98,908) to the goat’s grand birthday party, bringing the town’s Christmas celebrations budget up to 2.3 million kronor this year. (“Swedes rally to protect arson-prone yule goat“_

Obviously, what you need to free up that budget is more burning goats. Or perhaps its a credible plan on why spending it will reduce risk. I’m never quite sure.

Previously: 13 Meter Straw Goat Met His Match, Gavle Goat Gone, Burning News: Gavle Goat, Gävle Goat Gambit Goes Astray, The Gavle Goat is Getting Ready to Burn!.

Image: The goat’s mortal remains, immortalized in 2011 by Lasse Halvarsson.

Diagrams in Threat Modeling

When I think about how to threat model well, one of the elements that is most important is how much people need to keep in their heads, the cognitive load if you will.

In reading Charlie Stross’s blog post, “Writer, Interrupted” this paragraph really jumped out at me:

One thing that coding and writing fiction have in common is that both tasks require the participant to hold huge amounts of information in their head, in working memory. In the case of the programmer, they may be tracing a variable or function call through the context of a project distributed across many source files, and simultaneously maintaining awareness of whatever complex APIs the object of their attention is interacting with. In the case of the author, they may be holding a substantial chunk of the plot of a novel (or worse, an entire series) in their head, along with a model of the mental state of the character they’re focussing on, and a list of secondary protagonists, while attempting to ensure that the individual sentence they’re currently crafting is consistent with the rest of the body of work.

One of the reasons that I’m fond of diagrams is that they allow the threat modelers to migrate information out of their heads into a diagram, making room for thinking about threats.

Lately, I’ve been thinking a lot about threat modeling tools, including some pretty interesting tools for automated discovery of existing architecture from code. That’s pretty neat, and it dramatically cuts the cost of getting started. Reducing effort, or cost, is inherently good. Sometimes, the reduction in effort is an unalloyed good, that is, any tradeoffs are so dwarfed by benefits as to be unarguable. Sometimes, you lose things that might be worth keeping, either as a hobby like knitting or in the careful chef preparing a fine meal.

I think a lot about where drawing diagrams on a whiteboard falls. It has a cost, and that cost can be high. “Assemble a team of architect, developer, test lead, business analyst, operations and networking” reads one bit of advice. That’s a lot of people for a cross-functional meeting.

That meeting can be a great way to find disconnects in what people conceive of building. And there’s a difference between drawing a diagram and being handed a diagram. I want to draw that out a little bit and ask for your help in understanding the tradeoffs and when they might and might not be appropriate. (Gary McGraw is fond of saying that getting these people in a room and letting them argue is the most important step in “architectural risk analysis.” I think it’s tremendously valuable, and having structures, tools and methods to help them avoid ratholes and path dependency is a big win.)

So what are the advantages and disadvantages of each?

Whiteboard

  • Collaboration. Walking to the whiteboard and picking up a marker is far less intrusive than taking someone’s computer, or starting to edit a document in a shared tool.
  • Ease of use. A whiteboard is still easier than just about any other drawing tool.
  • Discovery of different perspective/belief. This is a little subtle. If I’m handed a diagram, I’m less likely to object. An objection may contain a critique of someone else’s work, it may be a conflict. As something is being drawn on a whiteboard, it seems easier to say “what about the debug interface?” (This ties back to Gary McGraw’s point.)
  • Storytelling. It is easier to tell a story standing next to a whiteboard than any tech I’ve used. A large whiteboard diagram is easy to point at. You’re not blocking the projector. You can easily edit as you’re talking.
  • Messy writing/what does that mean? We’ve all been there? Someone writes something in shorthand as a conversation is happening, and either you can’t read it or you can’t understand what was meant. Structured systems encourage writing a few more words, making things more tedious for everyone around.

Software Tools

  • Automatic analysis. Tools like the Microsoft Threat Modeling tool can give you a baseline set of threats to which you add detail. Structure is a tremendous aid to getting things done, and in threat modeling, it helps in answering “what could go wrong?”
  • Authority/decidedness/fixedness. This is the other side of the discovery coin. Sometimes, there are architectural answers, and those answers are reasonably fixed. For example, hardware accesses are mediated by the kernel, and filesystem and network are abstracted there. (More recent kernels offer filesystems in userland, but that change was discussed in detail.) Similarly, I’ve seen large, complex systems with overall architecture diagrams, and a change to these diagrams had to be discussed and approved in advance. If this is the case, then a fixed diagram, printed poster size and affixed to walls, can also be used in threat modeling meetings as a context diagram. No need to re-draw it as a DFD.
  • Photographs of whiteboards are hard to archive and search without further processing.
  • Photographs of whiteboards may imply that ‘this isn’t very important.” If you have a really strong culture of “just barely good enough” than this might not be the case, but if other documents are more structured or cared for, then photos of a whiteboard may carry a message.
  • Threat modeling only late. If you’re going to get architecture from code, then you may not think about it until the code is written. If you weren’t going to threat model anyway, then this is a win, but if there was a reasonable chance you were going to do the architectural analysis while there was a chance to change the architecture, software tools may take that away.

(Of course, there are apps that help you take images from a whiteboard and improve them, for example, Best iOS OCR Scanning Apps, which I’m ignoring for purposes of teasing things out a bit. Operationally, probably worth digging into.)

I’d love your thoughts: are there other advantages or disadvantages of a whiteboard or software?

Journal of Terrorism and Cyber Insurance

At the RMS blog, we learn they are “Launching a New Journal for Terrorism and Cyber Insurance:”

Natural hazard science is commonly studied at college, and to some level in the insurance industry’s further education and training courses. But this is not the case with terrorism risk. Even if insurance professionals learn about terrorism in the course of their daily business, as they move into other positions, their successors may begin with hardly any technical familiarity with terrorism risk. It is not surprising therefore that, even fifteen years after 9/11, knowledge and understanding of terrorism insurance risk modeling across the industry is still relatively low.

There is no shortage of literature on terrorism, but much has a qualitative geopolitical and international relations focus, and little is directly relevant to terrorism insurance underwriting or risk management.

This is particularly exciting as Gordon Woo was recommended to me as the person to read on insurance math in new fields. His Calculating Catastrophe is comprehensive and deep.

It will be interesting to see who they bring aboard to complement the very strong terrorism risk team on the cyber side.